| With the help of modern technology, person’s daily life has undergone a huge change, as well as the rapid development of wireless network and mobile terminal technology, people have higher requirements to obtain real-time information and services from the network, the mobile Internet came into being. In support of mobile Internet technology, people can use the phone anytime, anywhere to do before computers that could be done, which makes the share of the smart phones have been a huge upgrade in recent years.In its rapid development, while the malicious behavior of the implementation for the Android platform has seriously affected the security of the personal privacy information. Privacy information leakage software is particularly serious; the software can collect the contact information of the mobile phone users, specific location information, and phone status information and send the information to the software developers, advertisers, or unknown third party website. Therefore, in order to protect the security of mobile phone user’s information, it is necessary to study Android security.Privacy information disclosure issues, foreign scholars have proposed a change application access rights method, which allows user to selectively grant permissions and limit the use of resource, and thus to limit the application of the software implementation of the malicious behavior at runtime. Because users are lack of understanding of the rights information, the motion to grant permission may result in the application not working correctly. Domestic use of privileges detection method on the software testing, it focus on the detection of installer declaration permission, can not support the APK file detection. So in order to detect the phone file, the paper studies Android application permissions detection mechanism through privileges detection method. Permission detection mechanism comprehensive utilizes feature selection algorithm, reverse engineering, and resolve on the AndroidManifest.XML files to get the installer declaration permission. To filter out the software to access the sensitive combination of permissions, we set up a filter mechanism; in the detection of installed software at the same time, also can detect the APK file. After scanning the program, the results of detection will come back to mobile phone; according to the prompt information the user makes a decision on the fate of the software. Permission detection program at the same time adds the trust module, which allows the users to view the list of trust or delete the program in the trust list.In order to verify the validity of the permission detection procedures, we test the similar software on Android phone. By functional tests, we find that the permission detection procedures proposed in this paper can timely detect application of accessing to sensitive combination of permissions, at the same time be able to detect the APK file on the SD card. Comparison of functional tests to the three similar software, the test results show that permission testing procedures proposed in this paper can run properly in accordance with the predetermined target, and achieve more functionality than the other two software functional testing of three similar software. In order to verify the performance of the permissions testing procedures, we test three software’s power consumption and memory test. In order to achieve the power consumption test, by means of PowerTutor testing tools we test software power consumption. The results show that the permission detection method proposed in this paper consumes less power than the other software. Performing memory comparison test, we use the program panel tools, test results show that the program memory overhead of the permission detection program is one percent; the other two software memories overhead is two percent. The above testing results prove that the permission testing procedures proposed in this paper is feature-rich, low power consumption, small memory overhead. |
PDF Full Text Request